Slash Boxes

SoylentNews is people

posted by LaminatorX on Thursday May 29 2014, @04:03AM   Printer-friendly
from the Another-one-bites-the-dust dept.

The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by bradley13 on Thursday May 29 2014, @07:06AM

    by bradley13 (3053) on Thursday May 29 2014, @07:06AM (#48604) Homepage Journal

    I have to agree - it seems to me that the most likely scenario is LavaBit all over again:

    • The developers got an NSA demanding that they build a backdoor into their software.
    • The only way they can refuse is by ending the project entirely.
    • The nonsense about XP and BitLocker is a fig leaf to mitigate contempt charges.


    Truecrypt has been a hugely valuable tool for millions of people. It is cross-platform and it is absolutely easy to use. I've tried other solutions out there, and no other platform independent solution is nearly as good on the usability front - and usability is critical to security applications or else people won't bother with them...

    We need Truecrypt, or an equivalent replacement...

    Everyone is somebody else's weirdo.
    Starting Score:    1  point
    Moderation   +3  
       Interesting=2, Underrated=1, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 1) by WillR on Thursday May 29 2014, @02:11PM

    by WillR (2012) on Thursday May 29 2014, @02:11PM (#48739)
    My bet is that the NSA (or GCHQ or whoever) demanded TrueCrypt's signing key so they could distribute backdoored versions of TC with valid signatures to their targets.

    There's less likelihood of the backdoor being found by an audit if it's only sent to a few entities, and that fits with other NSA activities that have come to light like intercepting and backdooring some Cisco routers in transit instead of backdooring IOS. So the TrueCrypt devs decided to play along just enough to avoid jail, then burn the key by using it to sign an update with giant flashing red "TrueCrypt is insecure!!!" warnings all over it.